Due to its data stealing capabilities, ZeuS P2P (aka Gameover) is a prevalent and serious threat towards both online banking services, companies and ordinary end-users .
Most people have already heard of ZeuS P2P, but in short, it is an improved and complex code based on the ZeuS/Zbot source code that was leaked in 2011: https://www.csis.dk/en/csis/blog/3229/
ZeuS P2P is a black-market Crime as a Service setup (CaaS). It hosts several unique campaigns/BOTids in a bullet proof hosting (BP) infrastructure and provides a full featured multiservice for organized and hardcore cybercriminals.
Upatre
The dropper identified as “Upatre” is often seen attached in spam mail campaigns and acts basically as the door opener which downloads the ZeuS P2P main component using various filenames to camouflage the hostile action and also implements SSL to encrypt the download traffic. This approach is used to effectively bypass most perimeter defenses.
Resilient: rootkit, P2P, DGA, BP hosting
The malware itself consists of several components and advanced features. Obvious ZeuS P2P rely on Peer to Peer, a DGA (Domain Generating Algorithm) and other fallback functions, which makes it both more resilient and less transparent.
The masterminds behind the ZeuS P2P CaaS have clearly obtained technical knowledge and experience in takedowns and have made this botnet much more robust and stabile as compared to other threats we are monitoring. ZeuS P2P supports both UDP and TCP for communication tasks including peer list exchange, Command & Control (C&C) server registration and malware updates.
To make ZeuS P2P harder to remove from a compromised host, it recently implemented a rootkit dropped with a random filename into kernel user land: [%windows system folder%]drivers. This rootkit is known as Necurs.
The ZeuS based webinjects
The malware also includes a basic ZeuS webinject template, but each customer in the ZeuS P2P CaaS can modify and add new advanced webinjects and increase the number of targets.
Below, there is an overview of unique webinjects used by ZeuS P2P in Q1 2014. 
Analyzing the above stats, it becomes obvious that the different perpetrators utilizing ZeuS P2P as a digital data harvesting weapon, are not surprisingly still maintaining, developing and improving their webinjects to hit a broader range of victims and targets. From 1097 unique “brands” targeted in the beginning of 2013 has now expanded to 1515 by the end of Marts 2014. That’s an increase in 418 new targets in just a quarter!
Amongst the “new countries” being significantly targeted by this malware family we are seeing: South Africa, Nigeria, India, Singapore, Turkey, UAE, Saudi Arabia, Australia, Croatia, Greece, but in general we are seeing brands from all over the world being attacked.
We have noted significant geographically wider spread targets, which means different gangs of ZeuS P2P have begun attacking targets in countries that have previously not been hit as hard as they are as a result of this. As a direct consequence, the new targets will need to improve their security to prevent losses related to the ongoing attacks coming out of the ZeuS P2P CaaS.
We estimate that the complete infrastructure of ZeuS P2P has infected and controls several million unique PCs across the globe.